Specifying an Application's Directory Permissions
When you map a directory to an application, you can also define the application's ability to add/update/delete users and groups in the directory. To do this, use the 'Permissions' tab in the 'View Application' screen.
Directory permissions are defined at two levels:
- Directory-level permissions are defined on the 'Permissions' tab of the 'View Directory' screen. These permissions apply to each application mapped to the directory, unless the application has its own application-level permissions.
- Application-level directory permissions are defined on the 'Permissions' tab of the 'View Application' screen. If a permission is enabled at directory level, you can enable it for a specific application. For example, you could enable the 'Add User' permission on the 'Customers' directory in Jira but disable the permission for Confluence.
Take a look at an example.
Disabling a directory-level permission will override any permissions enabled at application level. If a permission is enabled at application level and then subsequently disabled at directory level, the directory-level permission will apply. (The application-level permissions will be 'remembered' and will apply again if re-enabled at directory level.)
How do directory permissions affect the Crowd application (Crowd Administration Console)?
- If a particular permission is turned off at directory level, then no application can perform the related function - not even the Crowd application. So, for example, if you disable the 'Remove User' permission for a directory, then the Crowd Administration Console will not allow you to delete a user from that directory.
- The Crowd application is not bound by application-level permissions, because any user who could log into the Crowd application could change the application-level permissions for the Crowd application anyway.
For details on directory-level permissions, refer to the instructions on specifying directory permissions. Below are instructions on setting the application-level directory permissions.
Allows the application to add groups to the selected directory.
Allows the application to add users to the selected directory.
Allows the application to modify groups in the selected directory.
Allows the application to modify users in the selected directory.
Allows the application to delete groups from the selected directory.
Allows the application to delete users from the selected directory.
When you initially map a directory to an application, all of the application's permissions are enabled by default. But note that disabling a directory-level permission will override any permissions enabled at application level.
To set the directory permissions for an application,
- Log in to the Crowd Administration Console.
- Click the 'Applications' tab in the top navigation bar.
- This will display the Application Browser. Click the 'View' link next to the application you wish to update.
- This will display the 'View Application' screen. Click the 'Permissions' tab.
- This will display a list of directories that are currently mapped to the application, and a set of permission check-boxes. Select a directory from the list on the left.
- The 'Permissions' check-boxes will change to show the application's existing permissions for that directory.
- To enable a directory permission, select the corresponding check-box.
- To disable a directory permission, deselect the corresponding check-box.
Screenshot: Setting directory permissions for an application
On the application permissions screen, the words '(disabled globally)' will appear next to any permission that is disabled at directory level.
- Using the Application Browser
- Adding an Application
- Integrating Crowd with Atlassian Bamboo
- Integrating Crowd with Atlassian Confluence
- Integrating Crowd with Atlassian CrowdID
- Integrating Crowd with Atlassian Crucible
- Integrating Crowd with Atlassian FishEye
- Integrating Crowd with Atlassian Jira
- Integrating Crowd with Atlassian Bitbucket Server
- Integrating Crowd with Acegi Security
- Integrating Crowd with Jive Forums
- Integrating Crowd with Spring Security
- Integrating Crowd with a Custom Application
- Integrating Crowd with Atlassian HipChat
- Configuring the Google Apps Connector
- Mapping a Directory to an Application
- Effective memberships with multiple directories
- Specifying an Application's Address or Hostname
- Testing a User's Login to an Application
- Enforcing Lower-Case Usernames and Groups for an Application
- Managing an Application's Session
- Deleting or Deactivating an Application
- Configuring Caching for an Application
- Overview of SSO
- Configuring Options for an Application
- Disabling the OpenID client app